Solved Dell Dimension 4600, Netgear WNA3100 WiFi with Malware

[gluttony]

Post-Java, Post-Norton OTL Log 2

========== Files - Modified Within 30 Days ==========

[2010/12/16 22:29:02 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/12/16 22:05:50 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/16 22:05:46 | 000,001,192 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/12/16 22:05:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/12/16 22:05:30 | 535,875,584 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/16 21:48:01 | 000,001,030 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1380815714-836596746-3658294935-1008UA.job
[2010/12/16 21:12:17 | 000,205,540 | ---- | M] () -- C:\Documents and Settings\Samuel M. Saunders\Desktop\JavaRa.zip
[2010/12/16 20:49:45 | 000,924,816 | ---- | M] () -- C:\Documents and Settings\Samuel M. Saunders\Desktop\Norton_Removal_Tool.exe
[2010/12/16 20:48:01 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1380815714-836596746-3658294935-1008Core.job
[2010/12/16 20:45:32 | 000,002,361 | ---- | M] () -- C:\Documents and Settings\Samuel M. Saunders\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/12/16 20:45:31 | 000,002,383 | ---- | M] () -- C:\Documents and Settings\Samuel M. Saunders\Desktop\Google Chrome.lnk
[2010/12/16 18:33:02 | 000,018,944 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Kingdoms.xls
[2010/12/15 20:14:26 | 000,000,595 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WNA3100 Smart Wizard.lnk
[2010/12/15 20:14:26 | 000,000,583 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\NETGEAR WNA3100 Smart Wizard.lnk
[2010/12/14 20:42:46 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
[2010/12/13 11:43:58 | 003,989,182 | R--- | M] () -- C:\Documents and Settings\Samuel M. Saunders\Desktop\ComboFix.exe
[2010/12/10 21:22:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/12/10 11:49:50 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Samuel M. Saunders\Desktop\MBRCheck.exe
[2010/12/10 11:49:06 | 001,230,779 | ---- | M] () -- C:\Documents and Settings\Samuel M. Saunders\Desktop\tdsskiller.zip
[2010/12/08 14:48:08 | 001,344,600 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Samuel M. Saunders\Desktop\TDSSKiller.exe
[2010/12/07 21:27:23 | 000,040,960 | ---- | M] () -- C:\Documents and Settings\Samuel M. Saunders\Desktop\Avira AntiVir Personal.doc
[2010/12/07 11:07:38 | 000,132,597 | ---- | M] () -- C:\Documents and Settings\Samuel M. Saunders\Desktop\Flash_Disinfector.exe
[2010/12/07 11:03:32 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Samuel M. Saunders\Desktop\TFC.exe
[2010/12/06 14:44:32 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\Samuel M. Saunders\Desktop\r86rzteq.exe
[2010/12/06 14:39:26 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Samuel M. Saunders\Desktop\OTL.exe
[2010/12/06 11:26:06 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\Samuel M. Saunders\Desktop\HiJackThis.lnk
[2010/12/04 19:27:34 | 000,273,376 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/12/04 18:49:12 | 000,000,316 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010/12/04 18:38:23 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2010/12/04 17:48:43 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/12/04 17:25:59 | 000,004,444 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF
[2010/12/04 17:25:48 | 000,422,722 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2010/12/04 17:25:48 | 000,071,186 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/11/22 16:49:27 | 000,271,360 | ---- | M] () -- C:\Documents and Settings\Samuel M. Saunders\Desktop\contacts.pst
[1 C:\Documents and Settings\Samuel M. Saunders\*.tmp files -> C:\Documents and Settings\Samuel M. Saunders\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/16 21:12:31 | 000,205,540 | ---- | C] () -- C:\Documents and Settings\Samuel M. Saunders\Desktop\JavaRa.zip
[2010/12/16 20:52:56 | 000,924,816 | ---- | C] () -- C:\Documents and Settings\Samuel M. Saunders\Desktop\Norton_Removal_Tool.exe
[2010/12/16 20:45:32 | 000,002,361 | ---- | C] () -- C:\Documents and Settings\Samuel M. Saunders\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/12/16 20:45:31 | 000,002,383 | ---- | C] () -- C:\Documents and Settings\Samuel M. Saunders\Desktop\Google Chrome.lnk
[2010/12/16 20:43:37 | 000,001,030 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1380815714-836596746-3658294935-1008UA.job
[2010/12/16 20:43:36 | 000,000,978 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1380815714-836596746-3658294935-1008Core.job
[2010/12/15 20:14:26 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2010/12/15 20:14:26 | 000,000,595 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WNA3100 Smart Wizard.lnk
[2010/12/15 20:14:26 | 000,000,583 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\NETGEAR WNA3100 Smart Wizard.lnk
[2010/12/14 20:50:26 | 535,875,584 | -HS- | C] () -- C:\hiberfil.sys
[2010/12/13 18:24:07 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/12/13 18:24:07 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/12/13 18:24:07 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/12/13 18:24:07 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/12/13 18:24:07 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/12/13 18:18:09 | 003,989,182 | R--- | C] () -- C:\Documents and Settings\Samuel M. Saunders\Desktop\ComboFix.exe
[2010/12/10 12:44:28 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Samuel M. Saunders\Desktop\MBRCheck.exe
[2010/12/10 12:35:34 | 001,230,779 | ---- | C] () -- C:\Documents and Settings\Samuel M. Saunders\Desktop\tdsskiller.zip
[2010/12/07 21:27:23 | 000,040,960 | ---- | C] () -- C:\Documents and Settings\Samuel M. Saunders\Desktop\Avira AntiVir Personal.doc
[2010/12/07 19:12:04 | 000,296,448 | ---- | C] () -- C:\Documents and Settings\Samuel M. Saunders\Desktop\r86rzteq.exe
[2010/12/07 18:51:16 | 000,132,597 | ---- | C] () -- C:\Documents and Settings\Samuel M. Saunders\Desktop\Flash_Disinfector.exe
[2010/12/06 13:13:51 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxscnui.dll
[2010/12/06 13:13:48 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxftplt.exe
[2010/12/06 13:02:03 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2010/12/06 12:55:51 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2010/12/06 12:54:42 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2010/12/06 12:54:39 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2010/12/06 12:54:34 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2010/12/06 12:53:36 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2010/12/06 12:52:42 | 000,165,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt53.dll
[2010/12/06 12:52:38 | 000,093,696 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt42.dll
[2010/12/06 12:52:33 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt34.dll
[2010/12/06 12:52:28 | 000,089,088 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt33.dll
[2010/12/06 12:52:24 | 000,083,968 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt21.dll
[2010/12/06 12:52:07 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2010/12/06 12:51:28 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
[2010/12/06 12:49:19 | 000,029,768 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divasu.dll
[2010/12/06 12:49:18 | 000,037,962 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaprop.dll
[2010/12/06 12:49:17 | 000,006,216 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaci.dll
[2010/12/06 12:47:37 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2010/12/06 12:46:17 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atixbar.sys
[2010/12/06 12:46:16 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativxbar.sys
[2010/12/06 12:46:16 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativttxx.sys
[2010/12/06 12:46:15 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativmdcd.sys
[2010/12/06 12:46:14 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitvsnd.sys
[2010/12/06 12:46:14 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitunep.sys
[2010/12/06 12:46:13 | 000,049,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtcap.sys
[2010/12/06 12:46:13 | 000,026,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtsnd.sys
[2010/12/06 12:46:11 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atipcxxx.sys
[2010/12/06 12:46:04 | 000,046,464 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atibt829.sys
[2010/12/06 11:25:46 | 000,002,473 | ---- | C] () -- C:\Documents and Settings\Samuel M. Saunders\Desktop\HiJackThis.lnk
[2010/12/04 17:25:59 | 000,004,444 | ---- | C] () -- C:\WINDOWS\System32\pid.PNF
[2010/12/04 17:25:09 | 000,144,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\netfx.cat
[2010/12/04 17:25:09 | 000,014,433 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat
[2010/12/04 17:25:08 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2010/12/04 17:25:08 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2010/12/04 17:25:08 | 000,112,918 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tabletpc.cat
[2010/12/04 17:25:08 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2010/12/04 17:25:08 | 000,034,747 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mediactr.cat
[2010/12/04 17:25:08 | 000,034,063 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
[2010/12/04 17:25:08 | 000,026,991 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat
[2010/12/04 17:25:08 | 000,016,535 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2010/12/04 17:25:08 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2010/12/04 17:25:08 | 000,012,363 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
[2010/12/04 17:25:08 | 000,010,027 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2010/12/04 17:25:08 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2010/12/04 17:25:08 | 000,007,710 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2010/12/04 17:25:08 | 000,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat
[2010/12/04 17:25:07 | 002,144,487 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2010/12/04 17:25:07 | 001,296,669 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP3.CAT
[2010/12/04 17:25:07 | 000,522,220 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2009/09/28 04:02:05 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2009/08/13 07:11:17 | 000,019,350 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\kevik.bin
[2009/08/13 07:11:16 | 000,018,923 | ---- | C] () -- C:\Documents and Settings\Samuel M. Saunders\Application Data\raqivyv._dl
[2009/08/13 07:11:16 | 000,013,308 | ---- | C] () -- C:\Documents and Settings\Samuel M. Saunders\Application Data\lokafoje.bin
[2009/08/03 12:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/02/10 12:25:30 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/02/10 12:23:49 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPSNX400.ini
[2008/04/13 21:42:04 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2007/09/13 18:04:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MTB13GE.INI
[2007/02/23 16:52:26 | 000,002,508 | ---- | C] () -- C:\Documents and Settings\Samuel M. Saunders\Application Data\$_hpcst$.hpc
[2007/01/10 05:18:18 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/07/03 04:25:16 | 000,000,036 | ---- | C] () -- C:\WINDOWS\webica.ini
[2005/12/26 16:54:59 | 000,001,787 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/12/16 08:51:15 | 000,000,387 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2005/11/01 10:06:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2005/02/10 10:17:50 | 000,172,056 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2004/07/13 17:40:39 | 000,011,142 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2004/07/04 04:17:40 | 000,000,700 | ---- | C] () -- C:\WINDOWS\MTB13.INI
[2004/05/23 04:06:18 | 000,207,360 | ---- | C] () -- C:\Documents and Settings\Samuel M. Saunders\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/05/19 08:58:26 | 000,000,141 | ---- | C] () -- C:\Documents and Settings\Samuel M. Saunders\Local Settings\Application Data\fusioncache.dat
[2004/05/13 21:30:05 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/05/13 21:18:33 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/05/13 21:08:18 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/05/13 20:48:54 | 000,000,550 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/01/23 06:03:50 | 000,000,791 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2003/01/07 12:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/09/03 10:35:18 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[1979/12/31 21:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== LOP Check ==========

[2008/07/18 06:19:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bloomberg
[2009/02/10 12:36:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2010/08/20 09:02:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2010/12/14 19:15:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/03/20 17:46:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/06/25 03:09:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/23 06:22:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/06/18 12:40:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/08/20 07:29:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Samuel M. Saunders\Application Data\Aim
[2006/05/13 05:11:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Samuel M. Saunders\Application Data\ICAClient
[2010/08/20 08:12:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Samuel M. Saunders\Application Data\Juniper Networks
[2005/09/02 06:29:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Samuel M. Saunders\Application Data\Leadertech
[2010/12/14 19:15:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Samuel M. Saunders\Application Data\Viewpoint

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2002/09/03 10:36:02 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/12/04 17:48:43 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2002/09/03 10:13:28 | 000,000,512 | -HS- | M] () -- C:\BOOTSECT.DOS
[2010/12/14 20:47:03 | 000,014,465 | ---- | M] () -- C:\ComboFix.txt
[2002/09/03 10:36:02 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2004/05/13 20:52:28 | 000,005,751 | RH-- | M] () -- C:\DELL.SDR
[2010/12/16 22:05:30 | 535,875,584 | -HS- | M] () -- C:\hiberfil.sys
[2002/09/03 10:36:02 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2010/12/15 17:57:12 | 000,000,550 | ---- | M] () -- C:\ipconfig_all.txt
[2008/11/25 05:25:43 | 000,004,586 | -H-- | M] () -- C:\IPH.PH
[2010/12/16 21:14:35 | 000,001,857 | ---- | M] () -- C:\JavaRa.log
[2002/09/03 10:36:02 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2008/04/13 23:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/04/13 23:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/12/16 22:05:28 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys
[2010/12/10 12:38:06 | 000,053,490 | ---- | M] () -- C:\TDSSKiller.2.4.11.0_10.12.2010_12.36.40_log.txt

< %systemroot%\Fonts\*.com >

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2010/12/04 18:39:41 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\DESKTOP.INI

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2007/04/09 10:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\mdippr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2010/12/04 09:12:42 | 000,524,288 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\default.sav
[2010/11/30 08:08:30 | 000,057,344 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\security.sav
[2010/12/04 09:12:42 | 031,838,208 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\software.sav
[2010/12/04 09:12:42 | 006,262,784 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2010/12/04 18:40:18 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\DESKTOP.INI

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >
[2009/08/13 07:11:17 | 000,018,533 | ---- | M] () -- C:\WINDOWS\SYSTEM32\ewab.db

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/12/04 19:31:02 | 000,000,177 | -HS- | M] () -- C:\Documents and Settings\Samuel M. Saunders\Application Data\Microsoft\Internet Explorer\Quick Launch\DESKTOP.INI
[2004/05/19 04:15:40 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Samuel M. Saunders\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2004/02/20 12:11:12 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Samuel M. Saunders\Desktop\ATF-Cleaner.exe
[2010/12/13 11:43:58 | 003,989,182 | R--- | M] () -- C:\Documents and Settings\Samuel M. Saunders\Desktop\ComboFix.exe
[2010/12/07 11:07:38 | 000,132,597 | ---- | M] () -- C:\Documents and Settings\Samuel M. Saunders\Desktop\Flash_Disinfector.exe
[2010/12/10 11:49:50 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Samuel M. Saunders\Desktop\MBRCheck.exe
[2010/12/16 20:49:45 | 000,924,816 | ---- | M] () -- C:\Documents and Settings\Samuel M. Saunders\Desktop\Norton_Removal_Tool.exe
[2010/12/06 14:39:26 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Samuel M. Saunders\Desktop\OTL.exe
[2010/12/06 14:44:32 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\Samuel M. Saunders\Desktop\r86rzteq.exe
[2010/12/08 14:48:08 | 001,344,600 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Samuel M. Saunders\Desktop\TDSSKiller.exe
[2010/12/07 11:03:32 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Samuel M. Saunders\Desktop\TFC.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2010/12/04 19:31:04 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Samuel M. Saunders\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2008/12/18 14:34:04 | 000,000,067 | -HS- | M] () -- C:\Documents and Settings\Samuel M. Saunders\Cookies\desktop.ini
[2010/12/16 22:05:45 | 000,032,768 | -HS- | M] () -- C:\Documents and Settings\Samuel M. Saunders\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2004/08/10 21:45:04 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\INF\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2002/12/17 07:23:22 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2002/12/17 07:23:28 | 000,000,807 | ---- | M] () -- C:\Program Files\Messenger\mailtmpl.txt
[2002/08/20 12:08:38 | 000,069,663 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\MSMSGSIN.EXE

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


< End of report >

 

[Broni]

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  

  :OTL
  DRV - [2009/06/30 10:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
  O3 - HKCU\..\Toolbar\ShellBrowser: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll File not found
  O2 - BHO: (CNisExtBho Class) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll File not found
  O2 - BHO: (CNavExtBho Class) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll File not found
  O3 - HKCU\..\Toolbar\WebBrowser: (Web assistant) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll File not found
  O4 - HKCU..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe File not found
  O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
  O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.co...128.5721643519 (Reg Error: Key error.)
  O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
  [1 C:\Documents and Settings\Samuel M. Saunders\*.tmp files -> C:\Documents and Settings\Samuel M. Saunders\*.tmp -> ] 
  [2009/08/13 07:11:17 | 000,019,350 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\kevik.bin
  [2009/08/13 07:11:16 | 000,018,923 | ---- | C] () -- C:\Documents and Settings\Samuel M. Saunders\Application Data\raqivyv._dl
  [2009/08/13 07:11:16 | 000,013,308 | ---- | C] () -- C:\Documents and Settings\Samuel M. Saunders\Application Data\lokafoje.bin
  [2010/12/14 19:15:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
  [2010/12/14 19:15:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Samuel M. Saunders\Application Data\Viewpoint
  
  
  :Services
  
  :Reg
  
  :Files
  C:\Program Files\Common Files\Symantec Shared
  C:\Program Files\Norton Internet Security
  
  
  :Commands
  [purity]
  [emptytemp]
  [emptyflash]
  [Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• You will get a log that shows the results of the fix. Please post it.

=======================================================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.

• Double-click SecurityCheck.exe
• Follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  
  NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Download Temp File Cleaner (TFC)

• Double click on TFC.exe to run the program.
• Click on Start button to begin cleaning process.
• TFC will close all running programs, and it may ask you to restart computer.

3. Please run a free online scan with the ESET Online Scanner

• Disable your antivirus program
• Tick the box next to YES, I accept the Terms of Use
• Click Start
• IMPORTANT! UN-check Remove found threats
• Accept any security warnings from your browser.
• Check Scan archives
• Click Start
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, push List of found threats
• Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• NOTE. If Eset won't find any threats, it won't produce any log.

 

[gluttony]

Hi Broni! Hope I didn't kill you with all those logs last night... thank you so much for your patience and dedication. OTL log below:


All processes killed
========== OTL ==========
Error: Unable to stop service pavboot!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pavboot deleted successfully.
C:\WINDOWS\SYSTEM32\DRIVERS\pavboot.sys moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9ECB9560-04F9-4bbc-943D-298DDF1699E1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9ECB9560-04F9-4bbc-943D-298DDF1699E1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BDF3E430-B101-42AD-A544-FADC6B084872}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Symantec NetDriver Monitor deleted successfully.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {9F1C11AA-197B-4942-BA54-47A8489BB47F}
C:\WINDOWS\Downloaded Program Files\iuctl.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9F1C11AA-197B-4942-BA54-47A8489BB47F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9F1C11AA-197B-4942-BA54-47A8489BB47F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9F1C11AA-197B-4942-BA54-47A8489BB47F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9F1C11AA-197B-4942-BA54-47A8489BB47F}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
C:\Documents and Settings\Samuel M. Saunders\atwbxdet.tmp deleted successfully.
C:\Documents and Settings\All Users\Application Data\kevik.bin moved successfully.
C:\Documents and Settings\Samuel M. Saunders\Application Data\raqivyv._dl moved successfully.
C:\Documents and Settings\Samuel M. Saunders\Application Data\lokafoje.bin moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\UserShell\AOL9Plus folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\UserShell\AOL9 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\UserShell folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\AxMetaStream_Win folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint folder moved successfully.
C:\Documents and Settings\Samuel M. Saunders\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03 folder moved successfully.
C:\Documents and Settings\Samuel M. Saunders\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02 folder moved successfully.
C:\Documents and Settings\Samuel M. Saunders\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01 folder moved successfully.
C:\Documents and Settings\Samuel M. Saunders\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00 folder moved successfully.
C:\Documents and Settings\Samuel M. Saunders\Application Data\Viewpoint\Viewpoint Media Player\Resources folder moved successfully.
C:\Documents and Settings\Samuel M. Saunders\Application Data\Viewpoint\Viewpoint Media Player folder moved successfully.
C:\Documents and Settings\Samuel M. Saunders\Application Data\Viewpoint folder moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
File\Folder C:\Program Files\Common Files\Symantec Shared not found.
File\Folder C:\Program Files\Norton Internet Security not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Kittie
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 0 bytes

User: Samuel M. Saunders
->Temp folder emptied: 38646353 bytes
->Temporary Internet Files folder emptied: 37868330 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 12372813 bytes
->Flash cache emptied: 615 bytes

User: SAMUEL~1~SAU

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16867 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 924816 bytes

Total Files Cleaned = 86.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: Guest
->Flash cache emptied: 0 bytes

User: Kittie
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService
->Flash cache emptied: 0 bytes

User: Samuel M. Saunders
->Flash cache emptied: 0 bytes

User: SAMUEL~1~SAU

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.17.3 log created on 12172010_184333

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_148.dat not found!

Registry entries deleted on Reboot...

 

[gluttony]

Security Check Log

Received the following error during scan:

AutoIt Error
Line -1:
Error: Variable must be of type "Object".

Log follows:

Results of screen317's Security Check version 0.99.7
Windows XP Service Pack 3
Internet Explorer 6 Out of date!
``````````````````````````````
Antivirus/Firewall Check:
Windows Security Center service is not running! This report may not be accurate!
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
Java(TM) 6 Update 23
Out of date Java installed!
Adobe Flash Player
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent
``````````End of Log````````````

 

[Broni]

Still alive

Received the following error during scan:

Which scan?

Update Internet Explorer to at least version 7. Version 6 is obsolete and thus dangerous.

Update Adobe Reader

You can download it from https://www.techspot.com/downloads/2083-adobe-reader-dc.html
After installing the latest Adobe Reader, uninstall all previous versions.
Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
It's a much smaller file to download and uses a lot less resources than Adobe Reader.
Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or other garbage.
On this page:

make sure, you have both boxes UN-checked AND (important!) click on Decline button

I assume, Eset log is coming?

 

[gluttony]

lol... received "AutoIt Error Line -1: Error: Variable must be of type "Object"." during security check scan

 

[Broni]

As long as it ran....

 

[gluttony]

ESET Log

C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4131\setup.exe probably a variant of Win32/Agent.HZHBURL trojan

 

[Broni]

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  

  :OTL
  
  :Services
  
  :Reg
  
  :Files
  C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4131\setup.exe
  
  :Commands
  [purity]
  [emptytemp]
  [emptyflash]
  [Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• You will get a log that shows the results of the fix. Please post it.

==================================================================

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following:

:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

• Double-click OTL.exe to start the program.
• Close all other programs apart from OTL as this step will require a reboot
• On the OTL main screen, press the CLEANUP button
• Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. Run defrag at your convenience.

11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

12. Please, let me know, how your computer is doing.

 

[gluttony]

All processes killed
========== OTL ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4131\setup.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Kittie
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Samuel M. Saunders
->Temp folder emptied: 59563 bytes
->Temporary Internet Files folder emptied: 635763 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 26986459 bytes
->Flash cache emptied: 0 bytes

User: SAMUEL~1~SAU

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16867 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 26.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: Guest
->Flash cache emptied: 0 bytes

User: Kittie
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService
->Flash cache emptied: 0 bytes

User: Samuel M. Saunders
->Flash cache emptied: 0 bytes

User: SAMUEL~1~SAU

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.17.3 log created on 12172010_210301

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_160.dat not found!

Registry entries deleted on Reboot...

 

[gluttony]

Hi Broni. I'm having trouble with step 3 Windows Update. PC won't run Windows Update (Error number: 0x8007043B) and BITS won't start:

could not start the background intelligent transfer service on local computer error 1083: The executable program that this service is configured to run in does not implement the service.

 

[Broni]

Try here: http://www.updatexp.com/0x8007043b.html

 

[gluttony]

End game (I hope)

Hi Broni,

The registry fix worked wonders on Windows Updates. I have now completed your 12-step program (I hope that's a coincidence). PC is behaving quite well. Although PSI detected an old Java environment and I had to re-run JavaRa to get rid of it, PSI score is 100%.

Please let me know if there is anything else I can do to stay protected and thank you for your time, effort and expertise. You da bomb!

 

[Broni]

Great news!

Read #11 from my reply #35 and you should be OK.

Good luck and stay safe

 

[gluttony]

Oh yeah, I studied #11 and got Spyware Blaster!

One issue: there is another user profile on the PC and Comodo will not run on that profile. I saw some posts on the Comodo forum, but no resolutions. Are you familiar with this problem and would you consider it particularly dangerous? Thank you for all the help and Happy Holidays!

 

[Broni]

Surely, every profile has to have its protection.
I suggest, you create new profile and delete malfunctioning one.